l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Re: OpenBSD and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Re: OpenBSD and Security

Details can be found at www.openbsd.org. It does come with the following
packages which are source-code audited:

OpenSSH 2.3.0
perl 5.6.0 plus patches
Apache 1.3.12 + patches, including Mod_ssl 2.6.2, OpenSSL 0.9.5a
ipf 3.3.18
sendmail 8.10.1
sudo 1.6.3p5
KTH Kerberos 1.0.2

It also has the ports collection, which is not audited by the OpenBSD team.
No, it's not immune to holes in ported packages. However, you do have to go
out and actively install them ... it doesn't come with non-audited software
installed by default. At least you know when you're introducing a possible
security hole, instead of finding out afterwards. It also seems that other
companies are learning from this ... the RedHat Wolverine beta now ships
with services turned off by default, too.

OpenBSD also creates a checklist for locking the system down, which is
reviewed and mailed to root every evening. And the man pages are useful to

As far as provided a basic, functional OS, I think it does just fine. You
might check it out ... I have a basis for comparison, myself, in securing a
RedHat 7.0 vs. OpenBSD 2.7 box.

OpenBSD has gone 3 years without a remote exploit in the default
installation. I haven't heard of another "mainstream" OS that can make the
same claim.


----- Original Message -----
From: "Bill Broadley" <bill@math.ucdavis.edu>
To: <vox-tech@franz.mother.com>
Sent: Wednesday, April 11, 2001 11:28 PM
Subject: Re: [vox-tech] Re: OpenBSD and Security

> What does Openbsd use for DNS?  Maildelivery?  FTP? NTP? ssh?  Or does
> the installation not include this functionality and rely on the user
> to install them?
> Is it somehow immune to the bugs that have plagued all the popular
> distributions?
> Or is it just because of a much smaller user based that nobody notices.
> --
> Bill

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.